Check Your General Commercial Liability Policy for Cyberliability Coverage


It is likely that your company has an obligation to protect the data and the financial information of its customers, clients and/or employees. This may be harder than ever since much of the company’s most of the valuable information now involves some form of network and data connection or storage, and work is conducted electronically over a network.

Many smaller businesses find themselves vulnerable to cyberthieves, mainly because they have limited budgets for data security and few or no technology experts on staff. Costs of a hacking incident or inadvertent disclosure can include: forensic expenses to figure out what happened, how, and what was taken; installing more robust data protection security; data recovery; notifying customers; paying credit monitoring fees for affected customers; hiring a public relations firm to deal with the fall out; perhaps dealing with business interruption from downed technology. There also may be regulatory fees or fines, legal fees and court costs.

Liability for loss or disclosure of customer or employee data is not typically covered under a corporate insurance policy. Some existing business insurance policies that offer general liability, and directors and officers liability, may provide a measure of coverage for those areas, but significant gaps may exist if you are trying to recover from a hacking incident that revealed private information.

Some insurance coverage for cyberliability was offered to technology service providers to cover them for negligence or wrongful acts that led to damages for their clients, including security breaches. Some general commercial insurance policies offered coverage for publication of material that violates a person’s right of privacy.

There has been at least one recent case that denied coverage where the data breach was not a negligent act by the insured, but a deliberate hacker attack.  Companies with HIPAA obligations, companies that store credit card information or email addresses and passwords for customers or online retailers especially should review their insurance coverage’s against a hacking or an inadvertent release of private information.

If the general business policies are not adequate for the risks, consider specific cyber liability policies that cover their costs for dealing with a disclosure and also for defending suits from customers or other third parties.

Situations to talk with your insurance agent should include:

  • Professional insurance
  • Loss or disclosure of personally identifiable employee and customer/client information.
  • Failure to prevent the entrance or spread of a virus/hacker attack.
  • Libel, slander and copyright infringement from your website content.
  • Expenses to respond to a threat to harm or release your data as well as cover ransom payments if necessary (extorition).
  • Breach response

In addition, some basic security measures may make your company less vulnerable, such as firewalls and strong passwords that are frequently changed. If employees bring their own devices that connect to the Company networks, those devices need security as well.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Sands Anderson PC | Attorney Advertising

Written by:


Sands Anderson PC on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.